Skip to content
MozDef: The Mozilla Defense Platform
Branch: master
Clone or download
Latest commit 0d13b62 Mar 22, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
alerts Create alert plugins directory Mar 22, 2019
benchmarking Fixup block comments not having a space after hash Dec 14, 2018
config Update missing references to alertactions in syslog configs Mar 21, 2019
docker Update plugin references in cloudy mozdef docker env Mar 20, 2019
docs Fixup remaining mozdefalertplugin references Mar 22, 2019
examples Remove .keys() call during key exists comparison Feb 15, 2019
meteor Revert "Reenable node tls reject check in meteor" Mar 1, 2019
mozdef_util Destroy plugin manager at end in plugin set Mar 22, 2019
mq Merge pull request #1132 from mozilla/fix_cloudtrail_parsing Mar 21, 2019
rest Merge pull request #1105 from mozilla/fixup_keys_references Feb 27, 2019
tests Remove plugins module from sys modules if exists in tests Mar 22, 2019
.flake8 Fixup unused variables check Dec 14, 2018
.travis.yml upgrade travis docker-compose as per… Oct 30, 2018
CHANGELOG Modifying urls to point to mozilla from jeffbryner, slight readabilit… Jun 15, 2017
LICENSE Updated license file to conform with MPL Feb 25, 2014
Makefile Setup default hosted CloudFormation templates Jan 10, 2019

Build Status Documentation Status

MozDef: The Mozilla Defense Platform


The inspiration for MozDef comes from the large arsenal of tools available to attackers. Suites like metasploit, armitage, lair, dradis and others are readily available to help attackers coordinate, share intelligence and finely tune their attacks in real time. Defenders are usually limited to wikis, ticketing systems and manual tracking databases attached to the end of a Security Information Event Management (SIEM) system.

The Mozilla Defense Platform (MozDef) seeks to automate the security incident handling process and facilitate the real-time activities of incident handlers.


  • Provide a platform for use by defenders to rapidly discover and respond to security incidents.
  • Automate interfaces to other systems like bunker, cymon, mig
  • Provide metrics for security events and incidents
  • Facilitate real-time collaboration amongst incident handlers
  • Facilitate repeatable, predictable processes for incident handling
  • Go beyond traditional SIEM systems in automating incident handling, information sharing, workflow, metrics and response automation


MozDef is in production at Mozilla where we are using it to process over 300 million events per day.

Give MozDef a Try in AWS:

Launch MozDef


You can’t perform that action at this time.